Friday, May 16, 2008

What is Capabilities Digest?

I'm pushing an agenda, Capabilities as a means of fixing a lot of the problems with computer security. The most effective way to push an agenda in 2008 appears to be the same one that has worked for a very long time... find an area to focus on, and try to occupy it. Traditionally this occupation is in terms of knowledge or skill.

I'm spending time and innumerable frustrating searches on this topic. Capability based security is not even close to Google friendly. Because there isn't a specific set of buzzwords to describe the concepts involved, the terms that do get used are sufficiently common that most searches get a ton of noise. I've spent a lot of time finding things of interest, so I'm sharing what I find on this topic, in this one space.

I'll keep original articles and other thoughts at my regular blog, and occasionally link back to it.

I'll also be pointing out things that are related, but near misses.

For example, I came across OAuth, which is about delegating access to Internet accessible resources without the need to share authentication information in a standard way. It's a good step in the overall evolution of security, but is not capabilities oriented.

I'll also be using Labels (tags) on the posts, with Hit or Miss to indicate if a given post is about a find that is or is not truly capabilities based.

In summary... I'm setting myself up as a gatekeeper to judge what is/isn't capabilities.

No comments: